centralization of urlencoding should be (only) in connect.py and we are from now on handling non-urlencoded data at other levels

stamparm · stamparm · commit 8e74c571bc4e · 2011-01-27T19:44:24.000Z
diff --git a/lib/controller/checks.py b/lib/controller/checks.py
@@ -407,7 +407,7 @@ def checkSqlInjection(place, parameter, value):
                         # Feed with test details every time a test is successful
                         injection.data[stype] = advancedDict()
                         injection.data[stype].title = title
-                        injection.data[stype].payload = agent.removePayloadDelimiters(reqPayload, False)
+                        injection.data[stype].payload = agent.removePayloadDelimiters(reqPayload)
                         injection.data[stype].where = where
                         injection.data[stype].vector = vector
                         injection.data[stype].comment = comment
diff --git a/lib/core/agent.py b/lib/core/agent.py
@@ -716,20 +716,14 @@ def addPayloadDelimiters(self, inpStr):
 
         return retVal
 
-    def removePayloadDelimiters(self, inpStr, urlencode_=True):
+    def removePayloadDelimiters(self, inpStr):
         """
         Removes payload delimiters from inside the input string
         """
         retVal = inpStr
 
         if inpStr:
-            if urlencode_:
-                regObj = getCompiledRegex("(?P<result>%s.*?%s)" % (PAYLOAD_DELIMITER, PAYLOAD_DELIMITER))
-
-                for match in regObj.finditer(inpStr):
-                    retVal = retVal.replace(match.group("result"), urlencode(match.group("result").strip(PAYLOAD_DELIMITER), convall=True))
-            else:
-                retVal = retVal.replace(PAYLOAD_DELIMITER, '')
+            retVal = retVal.replace(PAYLOAD_DELIMITER, '')
 
         return retVal
 
diff --git a/lib/request/connect.py b/lib/request/connect.py
@@ -400,25 +400,25 @@ def queryPage(value=None, place=None, content=False, getSeqMatcher=False, silent
             logger.log(9, payload)
 
         if place == PLACE.COOKIE and conf.cookieUrlencode:
-            value = agent.removePayloadDelimiters(value, False)
+            value = agent.removePayloadDelimiters(value)
             value = urlEncodeCookieValues(value)
         elif place:
-            value = agent.removePayloadDelimiters(value, URL_ENCODE_PAYLOAD[place])
+            value = agent.removePayloadDelimiters(value)
 
         if conf.checkPayload:
             checkPayload(value)
 
         if PLACE.GET in conf.parameters:
-            get = urlencode(conf.parameters[PLACE.GET]) if place != PLACE.GET or not value else value
+            get = urlencode(conf.parameters[PLACE.GET] if place != PLACE.GET or not value else value)
 
         if PLACE.POST in conf.parameters:
-            post = urlencode(conf.parameters[PLACE.POST]) if place != PLACE.POST or not value else value
+            post = urlencode(conf.parameters[PLACE.POST] if place != PLACE.POST or not value else value)
 
         if PLACE.COOKIE in conf.parameters:
             cookie = conf.parameters[PLACE.COOKIE] if place != PLACE.COOKIE or not value else value
 
         if PLACE.UA in conf.parameters:
-            ua = urlencode(conf.parameters[PLACE.UA]) if place != PLACE.UA or not value else value
+            ua = urlencode(conf.parameters[PLACE.UA] if place != PLACE.UA or not value else value)
 
         if PLACE.URI in conf.parameters:
             uri = conf.url if place != PLACE.URI or not value else value
diff --git a/lib/techniques/inband/union/test.py b/lib/techniques/inband/union/test.py
@@ -137,6 +137,6 @@ def unionTest(comment, place, parameter, value, prefix, suffix):
     validPayload, vector = __unionTestByCharBruteforce(comment, place, parameter, value, prefix, suffix)
 
     if validPayload:
-        validPayload = agent.removePayloadDelimiters(validPayload, False)
+        validPayload = agent.removePayloadDelimiters(validPayload)
 
     return validPayload, vector
